Articles
2 November 2021

Digital regulation - information overload

As if banks don’t have enough to worry about, the European digital regulatory calendar is packed with initiatives that will have a profound effect on the banking business model in the near future

The reconfiguration of finance leads to a host of regulatory responses

Neobanks and fintech players specialising in one or a few specific services are disrupting banking markets one by one. Prominent examples include services around payments, buy-now-pay-later, or working capital finance. Big-techs are integrating payments into their platforms, and more banking services look set to follow. Cryptocurrencies and “decentralised finance” (DeFi) are a pressure cooker laboratory for new configurations of financial services. While we do not believe that financial intermediaries will become superfluous in crypto- and DeFi-land, nor in a big tech-dominated landscape, we do think they will have to fundamentally re-think their roles and business models.

Banks will have to fundamentally re-think their business models

Rapid changes in digital markets have also invited a flurry of regulatory initiatives coming from Brussels. We are not going to discuss the regulation on cybersecurity and operational resilience in this report today; important regulatory initiatives here are the revised Directive on Security of Network and Information Systems, “NIS2”, and the Regulation on Digital Operational Resilience Act for the financial sector, “DORA”. The digital themes we want to focus on in this article are data portability and digital identity, the crypto universe and the digital euro. What these themes have in common is that they, each in their own ways, put the traditional banking business model under pressure. The challenge for banks is to focus not on the threats but on the opportunities posed by these (regulatory) changes.

Data portability and digital identity

By now, banks have become used to sharing account and payment data under the second Payment Services Directive (“PSD2”). Under this scheme, users can opt to “port” their payments data to third party providers, have those parties review their account data, or initiate payment on their behalf (as such, financial data portability under PSD2 is enhanced over the generic data portability enforced by the General Data Protection Regulation GDPR). A few years after PSD2 came into force in all countries, the European Banking Authority’s register today shows 178 Payment Initiation and 286 Account Information Service Provider licenses active in the EU. These are companies with dedicated licenses. In addition, banks may offer these services within the remit of their banking license.

The availability of services built on PSD2 data portability and their uptake among consumers may have developed less quickly than some had hoped. Yet the live payments data portability enabled by PSD2 has created a more-or-less standardised, API-based data exchange infrastructure among banks and third parties service providers.

The European Commission is working on multiple data-related initiatives, including AI regulation, a review of PSD2 and a Data Act. Furthermore, the Digital Markets Act (“DMA”) seeks to regulate so-called gatekeeper platforms (in practice, the big techs). The DMA also includes enhanced data portability stipulations.

Over the coming years, banks may have to open up more of their data

To summarise these multiple data-related regulatory initiatives, over the coming years banks will likely have to open up more of their data for real-time portability. At the same time, they may also find themselves on the receiving end of more real-time ported data. Banks that are willing and able to use that data to improve their services will be at an advantage compared to their peer banks. They will be better able to compete with non-bank fintech and big tech providers of banking services. At the same time, they are a more attractive potential partner to those very same non-bank providers. Thus banks face important questions about their data capabilities, and about how they want to put data to work in their organisation. Banks will also need to carefully consider how to reconcile any data ambitions with their role as trusted custodians of money and sensitive financial data.

Banks face important questions about their data capabilities

In this regard, another regulatory initiative deserves mention: the proposal to establish a European digital identity framework. The aim is to create a digital identity wallet for citizens, which holds their digital identity papers and other attributes. These can then be shared on an as-needed basis with digital services providers across the EU. As such, the wallet should become the single access key to digital markets. Given all the sensitivity and importance around this, developing digital identity solutions is likely going to be a public-private partnership. Banks are well-positioned to participate in such partnerships, given the extensive knowledge and documentation they tend to have on their clients. In any case, the regulatory initiatives around digital identity and data will in the coming years provide opportunities for those who see them and are able to reap them, while posing threats to those unable to follow.

Crypto and Decentralised Finance

Another area with rapid developments is the crypto-universe. No doubt helped by persistently low interest rates and high stock market valuations, interest for crypto assets among clients (both retail and wholesale) has increased over the past two years. Moreover, “decentralised finance” (DeFi) has rapidly become more popular.

Where the original aim of Bitcoin was to take out the middle man in payments, the aim of DeFi is to take out the middle man in other financial services, starting with saving, investing and borrowing. Yet with Bitcoin, things have turned out differently so far. The middle man has not disappeared, he just changed roles. Where in traditional payments, money is held in bank accounts and transferred between them via various methods, the crypto-universe saw the emergence of wallet providers and exchanges. In principle, it is possible to use cryptocurrency for payments without an intermediary. Yet in practice, many people, for now, choose to use an intermediary after all, for security or ease of use.

With Bitcoin, the middle man has not disappeared, he just changed roles

We expect similar developments in DeFi. In principle, it may be possible to use decentralised platforms to invest or borrow without the intervention of an intermediary. But the number of people willing to spend the time to do their own research, for example, vetting borrowers, and with the ability to, for instance. review smart contract code for bugs or scams, is likely limited. The majority of people may prefer to rely on a trusted intermediary to do the vetting for them. Roles of intermediaries may include offering credit assessment, contract code verification, curated portfolios, risk hedging and other aspects of asset management. Intermediaries may also help individual or corporate borrowers to obtain the best rate and conditions on DeFi markets.

The majority of people may prefer to rely on a trusted intermediary

From a regulatory perspective, a key issue is that regulation and supervision is inherently built around entities. Licenses are handed out to registered businesses, and supervision relies on registered businesses that can be supervised, visited, fined or sued when in non-compliance. An open-source DeFi platform, not owned by a particular business or person, and run on a decentralised blockchain, does not fit such an entity-based approach; it cannot be licensed, fined or shut down without going after each individual user running the software.

Regulation and supervision are inherently built around entities

While this is a fundamental problem yet to be resolved, it is not a problem for banks – or other intermediaries, wishing to become active in crypto or DeFi. Entity-based supervision works perfectly well for them. Indeed European policymakers are negotiating the “Markets in Crypto Assets” regulation (“MiCAR”), while the Basel Committee is considering the prudential treatment of crypto-assets on bank balance sheets. Getting further clarity on regulatory requirements, be they from a consumer protection, market integrity or prudential perspective, is a key prerequisite for regulated financial institutions to take further steps in the crypto- and DeFi-space.

Central bank digital currency: the digital euro

The third thing we want to discuss here is the digital euro, the Eurosystem’s version of a retail-oriented central bank digital currency (CBDC). Only three or four years ago, CBDC was a niche topic, with most central banks only sniffing the idea from tech and abstract scholarly perspectives. That all changed when Facebook announced its Libra plans in 2019, and central banks subsequently realised that the Chinese central bank was already far advanced in developing its CBDC called DC/EP. Today, 36% of the world’s central banks, covering 74% of their population, is looking into CBDC.

Who is looking into CBDCs?

% of world central banks, respective of global population

The main motivations for considering CBDCs in Europe appear to be to avert threats to “monetary sovereignty”. In concrete terms, policymakers want to prevent big tech-issued and non-euro-denominated stablecoins from taking over the role of the euro in daily life, as that would impair the central bank’s ability to steer the economy with its monetary policy. Issuing their own stablecoins would also help big techs in building closed ecosystems (“walled gardens”). Yet policymakers are trying to open up such ecosystems, for example by enhanced data portability (Digital Markets Act, Data Act). They'd rather see a common, publicly issued digital euro than a few dominant platform-bound stablecoins.

Moreover, currencies and their infrastructures are seen as a tool in geostrategic positioning. The dollar is currently the uncontested 'number one' for trade and global financial markets. But an internationally available, easy to use and safe CBDC infrastructure could give other currencies an edge.

CBDC worries: balance sheet disintermediation

For banks, a retail-oriented CBDC, like the digital euro is shaping up to be, has implications both from a balance sheet and client perspective. As for the former, the availability of CBDC likely implies both a structural drain on retail payment accounts as well as more volatility, especially in recession and crisis times. Worrying about bank funding may seem superfluous in today's world of abundant TLTROs but those will one day disappear.

Central banks may have to enhance existing backstop funding facilities

The digital euro is a long term project; banks will need to adjust their funding plans accordingly. The impact on bank balance sheets might be limited if the digital euro were to be a means of payment only, not a store of value, as the Eurosystem emphasises. Yet that is a big 'if'. Caps on CBDC transactions and/or holdings are often mentioned as a way to restrict CBDC usage. Yet political pressure could develop over time to lift such seemingly arbitrary caps.

Moreover, CBDC use by businesses (such as retailers) and cross-border/cross-currency transactions are hard to square with caps. To cushion increased bank deposit volatility, central banks may have to enhance existing backstop funding facilities (such as the ECB’s marginal lending facility). In more far-reaching scenarios, permanent longer-term funding facilities may even be considered.

CBDC worries: client and data disintermediation

Apart from the funding aspect, CBDC means that competition for the (retail) client will intensify. Traditionally in many markets, the payment account has been the primary contact point for banks to engage with their clients. Competition in payments has been intensifying over the past years, and this will continue in the near future. Banks, neo-banks, fintechs and big-tech would all like to be the first brand the customer encounters and be at the epicentre of client interaction.

The data generated by this interaction is a valuable source of information. This ties into banks’ responses to data portability and digital identity regulatory initiatives discussed above. A digital euro would be a new opportunity for non-banks to develop account/wallet management and payment services and thus compete with more traditional financial institutions.

The motivators for a digital euro

Monetary sovereignty and geostrategic autonomy are clear motivations for a digital euro. From a more narrow end-user perspective, the gains of a digital euro are less clear.

The gains of a digital euro are less clear

Digital means of payment are readily available today, though acceptance and use vary across the EU. That said, banks better follow discussions closely in the coming two years, during the ECB’s “investigation phase”. The European Commission is due to adopt a regulation in early 2023, setting out key design features. Crucial decisions are, therefore, being made in the coming 18 months, and this is also the phase determining whether the digital euro will turn out useful for banks or will instead be primarily weakening them vis-à-vis big techs incorporating the digital euro seamlessly into their ecosystems.

Fundamental questions to be considered

The three themes discussed here, data, crypto and CBDC, show how the regulatory and institutional framework is a key factor shaping banks’ perspectives. Although the regulatory initiatives described will take time to be concluded and implemented, banks would do better to prepare and be ready for them. Several of the issues raise fundamental questions about the bank business model: what role for data in banking? What role for financial intermediation when decentralised financial services take hold? And even: what role for the bank balance sheet, for money creation in a world of CBDC and non-bank issued stablecoins?

These will not be issues that separate the winners from the laggards already over the coming year. Yet these are defining questions that will shape banking over the next decade.


Disclaimer

"THINK Outside" is a collection of specially commissioned content from third-party sources, such as economic think-tanks and academic institutions, that ING deems reliable and from non-research departments within ING. ING Bank N.V. ("ING") uses these sources to expand the range of opinions you can find on the THINK website. Some of these sources are not the property of or managed by ING, and therefore ING cannot always guarantee the correctness, completeness, actuality and quality of such sources, nor the availability at any given time of the data and information provided, and ING cannot accept any liability in this respect, insofar as this is permissible pursuant to the applicable laws and regulations.

This publication does not necessarily reflect the ING house view. This publication has been prepared solely for information purposes without regard to any particular user's investment objectives, financial situation, or means. The information in the publication is not an investment recommendation and it is not investment, legal or tax advice or an offer or solicitation to purchase or sell any financial instrument. Reasonable care has been taken to ensure that this publication is not untrue or misleading when published, but ING does not represent that it is accurate or complete. ING does not accept any liability for any direct, indirect or consequential loss arising from any use of this publication. Unless otherwise stated, any views, forecasts, or estimates are solely those of the author(s), as of the date of the publication and are subject to change without notice.

The distribution of this publication may be restricted by law or regulation in different jurisdictions and persons into whose possession this publication comes should inform themselves about, and observe, such restrictions.

Copyright and database rights protection exists in this report and it may not be reproduced, distributed or published by any person for any purpose without the prior express consent of ING. All rights are reserved.

ING Bank N.V. is authorised by the Dutch Central Bank and supervised by the European Central Bank (ECB), the Dutch Central Bank (DNB) and the Dutch Authority for the Financial Markets (AFM). ING Bank N.V. is incorporated in the Netherlands (Trade Register no. 33031431 Amsterdam).